Advantages of embodiments of the present invention include preventing the 
unauthorized access to secure pages, the stealing of passwords by a third party, the 
falsification or modification of form data or the replaying of a valid form submission at a 
later time. Additionally, embodiments of the present invention do not require the 
licensing of security technology, such as SSL, from a third party vendor, and does not 
require special support in a user's web browser, such as https. Since authentication 
packets are transparent to the web server, the present invention can be used to integrate 
with any third party vendor's security application program interface (API) simply by 
modifying an applet and the software for an authentication or integration server. 

Having thus described at least one illustrative embodiment of the invention, 
various alterations, modifications and improvements will readily occur to those skilled in 
the art. Such alterations, modifications and improvements are intended to be within the 
scope and spirit of the invention. Accordingly, the foregoing description is by way of 
example only and is not intended as limiting. The invention's limit is defined only in the 
following claims and the equivalents thereto. 

What is claimed is: 



11 



5. The method of claim 4, wherein receiving a login packet comprises receiving from a 
computer a login packet having a hash of the session identification, the user name, and 
the password. 

6. A method for authenticating a user of a computer over a computer network, the 
method comprising: 

transmitting to the computer a signal having a unique session identifier and a first 
encryption key; 

receiving from the computer a login packet having the session identification, a 
user name, a password and a first hash of the session identification, the user name, and 
the password, wherein the session identification, the user name, and the password are 
encrypted using the first encryption key; 

decrypting the session identification, the user's name, and the password contained 
in the packet; 

receive information from an authentication provider; and 
authenticating the user's name and the password by using the information 
provided by the authentication provider. 

7. The method of claim 6, wherein authenticating the user's name and the password by 
using the information provided by the authentication provider comprises: 

receiving from the authentication provider a second encryption key; 
encrypting the user name and the password using the second encryption key and 
transmitting the encrypted user name and password to the authentication provider; 
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13. The method of claim 7, wherein the first hash and the second hash both include an 
MD5 hash. 

14. The method of claim 7, further comprising changing the first and the second 
encryption keys on a predetermined basis. 

15. A system for authenticating a user of a computer coupled to a computer network, the 
system comprising: 

a web server coupled to the computer network, wherein the web server is 
programmed to: 

5 transmit a signal having a challenge string and a first encryption key; 

receive a login packet having the challenge string and a password that is 
encrypted using the first encryption key; 
decrypt the password; 

receive information from an authentication provider; and 
10 authenticate the password by using the information provided by the authentication 

provider. 

16. The system of claim 15, wherein the signal is an applet and the challenge string 
includes a sequence number. 

17. The system of claim 15, wherein the signal is an applet and the challenge string 
includes a session identifier. 
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21. The system of claim 20, wherein to authenticate the user's name and the password by 
using the information provided by the authentication provider, the web server is 
programmed to: 

receive from the authentication provider a second encryption key; 

encrypt using the second encryption key and transmit to the authentication 
provider the user name and the password; 

receive from the authentication provider a second hash of the password and a 
character string; and 

determine from the second hash if the password is correct. 

22. The system of claim 20, wherein the authentication provider includes an 
authentication server. 

23. The system of claim 20, wherein the authentication provider includes a software 
program in communication with the computer network. 

24. The system of claim 21, wherein the authentication provider includes an 
authentication server. 

25. The system of claim 21, wherein the authentication provider includes a software 
program in communication with the computer network. 
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a challenge string, a user name, a password, wherein the session identification, the user 
5 name, and the password are encrypted using the first encryption key. 

30. The method of claim 28, wherein the computer readable program code having 
instructions for causing the computer system to receive a login packet comprises causing 
the computer system to receive from a computer a login packet having a hash of the 
session identification, the user name, and the password. 

31. An article of manufacture, comprising: 

a computer readable medium having computer readable program code for 
authenticating a user of a client computer over a computer network, the computer 
readable program code including instructions for: 
5 causing the computer system to transmit to the client computer a signal having a 

unique session identification and a first encryption key; 

causing the computer system to receive from the client computer a login packet 
having the session identification, a user name, a password and a first hash of the session 
identification, the user name, and the password, wherein the session identification, the 
10 user name, and the password are encrypted using the first encryption key; 

causing the computer system to decrypt the session identification, the user's 
name, and the password contained in the packet; and 

causing the computer system to receive information from an authentication 
provider; and 

15 causing the computer system to authenticate the user's name and the password by 
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